another approach?



went to my hotmail account to check my email and found the following
email....



Hello! Attention! The wire sent to Vladimir Kirkorov, Moscow, Russia has
been blocked by our security service. Your credit card issuing bank has
halted the transaction by the demand of the Federal Criminal Investigation
Service (case No. 20721 since the recipient has been undergoing the
international retrieval by the InterPol. Please contact the closest Western
Union office and make sure you have your ID card, the credit card that was
used for making the payment, and the invoice file with you. (The invoice
file is attached to this message; please print it out and hand it to our
agent.) You can find the address of the closest Western Union agent on our
website at http://www.westernunion.com Thank you!

attached: MTCN.zip 56.kb
which was detected: Trojan program Trojan-Spy.Win32.Zbot.ero anyone have any
info on it?  google only returns 4 results but no information about it.



Re: another approach?



On 09/10/2008 09:29 AM, kreepz sent:

Hello:

If you have downloaded attachment, you might consider sending it to:

                  <http://www.virustotal.com/>

but do not open it.  After sending the suspected attachment to the
above, delete it.

If you have *not* downloaded the attachment, no harm will come to you,
but delete it from your hotmail account.

If you have no knowledge of the transaction, and you do have a credit
card, you would do well to contact your credit card issuer for
validation of recent charges.  If the credit card issuer, and you, agree
that no fraudulent charges have been made against your account, consider
the email to be a phishing scam with an added nasty payload.  If a
suspected fraudulent charge has been made, challenge it immediately
with the credit card issuer.

The malware, you describe above, seems to be only a few days in the
wild.  However, it may be a variant of a similar one.

While all this is fresh in your memory, check your system for good
protection on all fronts.  After checking their update status, perhaps a
full system scan, using all your protection applications, is in order.

Thank you kindly for this informative posting.  Please reply with a post
as to your results so others may benefit.

Best wishes to you

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: another approach?



thanx for the info and feedback ipw!  it is very much appreciated.





Re: another approach?




| went to my hotmail account to check my email and found the following
| email....



| Hello! Attention! The wire sent to Vladimir Kirkorov, Moscow, Russia has
| been blocked by our security service. Your credit card issuing bank has
| halted the transaction by the demand of the Federal Criminal Investigation
| Service (case No. 20721 since the recipient has been undergoing the
| international retrieval by the InterPol. Please contact the closest Western
| Union office and make sure you have your ID card, the credit card that was
| used for making the payment, and the invoice file with you. (The invoice
| file is attached to this message; please print it out and hand it to our
| agent.) You can find the address of the closest Western Union agent on our
| website at http://www.westernunion.com Thank you!
|
| attached: MTCN.zip 56.kb
| which was detected: Trojan program Trojan-Spy.Win32.Zbot.ero anyone have any
| info on it?  google only returns 4 results but no information about it.



These are UPS and FedEx, and it now looks like they are using Western Union as the
body of a Social Engineering attempt to get you infected.

The headers will give this away.  If you use a webmail interface instead of a PC based
email client and you can't view headers then, well, you should consider switching to an
email client.

What do you want to know ?  Specifics about the Zbot ?

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=149589

http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=zbot&alt=zbot

http://www.f-secure.com/v-descs/trojan-spy_w32_zbot_hs.shtml
http://www.f-secure.com/v-descs/trojan-spy_w32_zbot.shtml
http://www.f-secure.com/v-descs/trojan-spy_w32_zbot_go.shtml


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
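
The remark above that the headers give this kind of message away, illustrated as an added example that is not part of the original thread: a Python sketch that compares the domain claimed in From with the Return-Path and with the relay named in the topmost Received header, and flags archive or executable attachments. The sample message, its hosts and addresses, and the function names are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message; not the actual e-mail from the thread.
SAMPLE = """\
Return-Path: <bounce@mail.example.net>
Received: from dsl-host.example.net (dsl-host.example.net [203.0.113.45])
\tby mx.example.org with SMTP; Wed, 10 Sep 2008 08:01:12 -0700
From: "Western Union" <support@westernunion.com>
Subject: Your wire has been blocked
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please print the attached invoice.
--b1
Content-Type: application/zip; name="MTCN.zip"
Content-Disposition: attachment; filename="MTCN.zip"

AAAA
--b1--
"""

def addr_domain(value):
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()
def org(host):
    # Simplification: treat the last two labels as the organisational domain.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def header_findings(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    claimed = org(addr_domain(msg["From"]))
    findings = []
    bounce = addr_domain(msg["Return-Path"])
    if bounce and org(bounce) != claimed:
        findings.append(f"Return-Path {bounce} does not match From domain {claimed}")
    # Topmost Received is written by the recipient's own server: the real sender.
    hops = msg.get_all("Received", [])
    relay = re.search(r"from\s+(\S+)", hops[0]) if hops else None
    if relay and org(relay.group(1)) != claimed:
        findings.append(f"delivered by {relay.group(1)}, not a {claimed} host")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith((".zip", ".exe", ".scr")):
            findings.append(f"archive/executable attachment: {name}")
    return findings
```

These mismatches are heuristics: legitimate bulk mail often carries a Return-Path or relay under a different domain, so a finding is a reason to look closer, not a verdict.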



Re: another approach?



On Wed, 10 Sep 2008 09:29:09 -0700, kreepz wrote:


http://scanner.virus.org/

Re: another approach?



Ahh, the good old Zbots.   I've had many 'hooks' associated with them,
latest was about some plane ticket I bought.

Not too pleased as NOD32 missed a few ;-(

And no I wasn't infected, but did submit the obvious infected .exe's
to virustotal and any missed ones directly to Eset (zipped, and
password protected with infected).


Re: another approach?



so funny~~American...Too Smart..
wrote in message news:yBSxk.12916$L_.1527@flpi150.ffdc.sbc.com...


